senhasegura: A Name You Can Trust

In the On-Premises solution, which is installed within the customer's infrastructure, data collection is limited to information necessary for business activities. The data is maintained in a segmented manner, and access is controlled by the department. Internal policies are enforced to ensure data integrity, including measures for loss prevention and encryption, in accordance with security standards.

In the SaaS model, senhasegura collects data related to service provision contracts, as well as some essential data for the operation of the application, such as login information. We do not collect sensitive personal data. It's important to highlight that senhasegura does not directly access the application's customer information due to the use of VPC (Virtual Private Cloud). This protected environment ensures that even the support team needs to communicate with the customer for any action that may involve data exposure. This approach reinforces the security and privacy of customer data.

• LGPD
• ISO 27001
• CCPA
• GDPR
• SOC Type II
• SOC Type III

Privacy Policies and Procedures:
We have established robust policies and procedures that comply with key data privacy regulations, including LGPD, GDPR, and CCPA. These guidelines ensure transparency, legality, and respect for data subjects' rights. Additionally, we offer a direct communication channel for data subjects to exercise their rights of access, rectification, and deletion as mandated by law.

Designation of Data Protection Officer (DPO) and Communication Channel:
We have appointed a Data Protection Officer (DPO) to oversee compliance with privacy and security regulations. The DPO acts as the focal point for data protection issues and coordinates compliance activities. We have established a specific channel for privacy and data protection issues to ensure effective responses to queries and requests from data subjects.

Risk Assessment and Treatment:
We have implemented a thorough risk assessment process that includes identifying, evaluating, and addressing information security risks. This enables us to recognize potential threats and implement measures to protect user data.

Access Control and Data Encryption:
We have implemented sophisticated access control mechanisms to comply with strict ISO and SOC standards, ensuring that only authorized users have access to personal data. In addition, we have adopted advanced encryption techniques to protect the confidentiality and integrity of information during storage and transmission, significantly reducing the risk of unauthorized access. These additional measures further strengthen our information security, ensuring effective protection of sensitive data.

Information Security Policies and Employee Awareness:
We have developed comprehensive information security policies based on internationally recognized principles, such as ISO and NIST, that cover several essential aspects of data protection.

Internal Training:
We carry out regular awareness and training activities for all employees to provide information on the best security practices and procedures.

Penetration Testing:
We regularly conduct thorough internal and external penetration tests to identify and address any potential vulnerabilities in our systems and networks. This ensures that our security infrastructure is strong and resilient. Any vulnerabilities discovered during testing are promptly patched to safeguard user data and enhance the organization's security.

Supplier Evaluation:
Before entering into partnerships with suppliers, we conduct a comprehensive assessment of their information security practices and ensure compliance with data protection laws. We verify that they adhere to high security and privacy standards to safeguard user data.

Continuous Monitoring:
We not only evaluate suppliers before establishing partnerships, but we also carry out continuous monitoring throughout the collaboration period. This allows us to ensure that providers maintain high security and privacy standards over time. Any deviations are promptly identified and addressed to mitigate any potential risk to users' data.

senhasegura Private SaaS provides a secure and reliable cloud solution hosted on Google Cloud (GCP), with dedicated virtual private clouds for each customer and robust support.

senhasegura Private SaaS offers a reliable and secure cloud solution, hosted on Google Cloud (GCP), with individual virtual private clouds for each customer and robust support. Our SLA standards guarantee high availability, while our compliance with data protection laws ensures that your data is kept secure and confidential.

We are committed to a 99.9% uptime SLA per year, ensuring uninterrupted access to our services. For details, see the Compute Engine Service Level Agreement provided by Google Cloud.

We adopt a rigorous auditing process involving renowned external companies, which conduct audits on senhasegura multiple times a year and perform internal audits annually. This approach ensures we maintain the highest compliance, security, and privacy levels.

senhasegura helps its clients obtain various compliance certifications. Below are some of the certifications we can assist in achieving:
- ISO/IEC 27001: This international standard for information security management systems (ISMS) emphasizes the importance of controlling privileged access to protect sensitive information.
- PCI DSS (Payment Card Industry Data Security Standard): Requires strict controls over privileged access to protect payment card data.
- SOX (Sarbanes-Oxley Act): Regulation for public companies in the US that mandates robust controls over privileged access to ensure the integrity of financial information.
- HIPAA (Health Insurance Portability and Accountability Act): Requires stringent control over privileged access to protect health data in organizations in the US.
- NIST SP 800-53: A set of information security standards for US government systems that recommends managing privileged access as a critical security measure.

Implementing the senhasegura solution ensures that privileged access is adequately monitored and controlled.
For more information, you can consult our Whitepapers.

senhasegura complies with data privacy regulations such as GDPR, CCPA, and LGPD. Additionally, we offer a portal where data subjects can request various actions related to their data. The portal is available in both PT-BR and EN-US.

senhasegura conducts attack simulations and penetration tests regularly to verify the effectiveness of its security controls. These pentests are carried out internally and externally several times a year, ensuring a thorough and impartial evaluation of our security.

Our Compliance department is continuously dedicated to analyzing the best certifications in the market, ensuring they remain relevant and aligned with the latest security practices. In addition to seeking and obtaining these certifications, we stay at the forefront of security. We conduct annual audits for each accreditation, ensuring we are always up-to-date and compliant with the most stringent standards.

Our certifications offer several benefits to senhasegura's clients, including:


- Reliability: They demonstrate our commitment to industry best practices, ensuring that senhasegura is reliable.
- Security: They guarantee that we implement rigorous measures to protect the environment, providing high security for our products and our company.
- Data Protection: They demonstrate our dedication to protecting data subjects' information, reinforcing our commitment to privacy and regulatory compliance, which are essential for ensuring digital sovereignty and user trust in our services.
These certifications testify to our ongoing commitment to excellence and security.